RevealX NDR is the core cybersecurity module of the RevealX platform. It enables organizations to reduce risk and identify threats other tools like EDR and SIEM miss. By ingesting and analyzing network packets, RevealX NDR provides OSI Layer 2–Layer 7 visibility and real-time detection while providing streamlined investigation workflows for faster, more confident response across on-premises, remote, hybrid, and multicloud environments. For more information, visit the RevealX NDR overview page.
While both core modules are critical for risk reduction and the business resiliency of your network, RevealX NDR is focused on cybersecurity, and RevealX NPM is focused on performance. RevealX NDR proactively detects potential cyber threats across the attack surface, while RevealX NPM actively monitors potential network and application performance issues. For more information, visit the RevealX NPM overview page.
RevealX NDR takes a full-spectrum detection approach that combines real-time detection of the latest CVEs and continuous behavioral machine learning to catch stealthy, post-compromise attacker tactics, techniques, and procedures. For a deeper dive into ExtraHop’s detections, read our Detections White Paper.
ExtraHop creates structured records from raw network packets and then securely transports those records to ExtraHop Cloud Services, where we use them to train advanced machine learning (ML) models to deliver accurate detections and insights to RevealX NDR users. For more detailed information, read this blog.
The RevealX platform enables users to integrate modules for Intrusion Detection System (IDS) and Packet Forensics with a scalable packet capture (PCAP) repository.
IDS and Packet Forensics modules are add-on modules to the RevealX platform’s core NDR module and cannot be purchased as standalone products.
RevealX NDR is available as a managed security service via trusted partners such as Binary Defense. For more information, visit Managed Service Provider Partner Program.
ExtraHop products and services are GDPR compliant. ExtraHop engages with a third party for annual SOC 2 and SOC 3 audits and is a member of the U.S. Privacy Shield program. For more information, visit ExtraHop Security and Compliance.
The RevealX platform consists of a set of components based on your environmental needs: sensors, recordstores, and a console for centralized management and unified data views. All components are available in physical, virtual, and cloud-based options that are sized based on your needs.
You can deploy RevealX NDR in on-premises, remote, and cloud environments. For more information, visit ExtraHop Implementation.
The ExtraHop Deployment Service ensures RevealX NDR is set up, receiving and processing inbound data, and ready for operational and management handoff. The ExtraHop team can also assist with onboarding. To learn more, read this brief.
Yes. RevealX NDR can decrypt SSL/TLS (including TLS 1.3), NTLM, Kerberos, and SMBv3 network traffic. This is a key difference between RevealX and other solutions. Most other solutions only look at the 3-way TLS handshake as well as metadata about the session. No other solution does TLS decryption as well as decryption of NTLM, Kerberos, and SMBv3 traffic in real time, which are critical for detecting many kinds of Active Directory-based attacks. It also decodes 90+ protocols, including common Microsoft protocols such as SMBv3, Kerberos, Active Directory, and MSRPC to provide full visibility into encrypted traffic across the attack surface.
When you think of a typical client/server conversation over the network, you can think of the network protocol as the language they are speaking. Without speaking the language, all you really know is that one person called the other and said a certain number of words over time, but it’s very hard to tell if the nature of that conversation was “good” or “bad.” RevealX can serve as your translator for over 90 network protocols, making it easy for you to tell the difference between normal and malicious activity across your on-premises and multicloud networks.
RevealX NDR uses a port mirror or tap to passively ingest network traffic. ExtraHop conducts real-time stream processing of network traffic data and transforms the unstructured packets into structured wire data for deep analysis.
The ExtraHop Customer Success team is a dedicated resource for all ExtraHop customers and can help with success planning, operational assessments, product aid, and more.
ExtraHop offers a credit-based system for professional services, including deployments, training, integrations, support, and more. To learn more, visit ExtraHop Services.
ExtraHop has several integrations with leading vendors, including CrowdStrike, Splunk, Netskope, AWS, Microsoft, Gigamon, and more. Every ExtraHop customer has access to CrowdStrike Falcon Intelligence. To learn more, visit ExtraHop Integrations and Automations.
RevealX NDR offers robust query and investigation workflows within its user interface, but you can also integrate ExtraHop enriched network data with other back-ends like EDR and SIEM. The RevealX NDR Open Data Stream allows you to merge data from multiple sources into a single, rich set that can be queried and visualized using whatever tools your team prefers. RevealX NDR data can also be sent to data lakes.
You can purchase RevealX NDR directly from ExtraHop, through trusted channel partners and distributors, or via transactable listings on marketplaces such as the AWS Marketplace. For more information, contact us.
RevealX is sold as either a virtual or physical sensor under subscription-based pricing and has two deployment models: SaaS-based RevealX 360 and on-premises RevealX Enterprise. RevealX 360 pricing is based on the number of Discovered Devices, daily record ingest capacity, and record lookback period (30, 90, or 180 days). RevealX Enterprise pricing is based on the number of Discovered Devices and does not include record capacity. Customers can bundle modules for each deployment model to fit functional and capacity needs. For more information, contact us.
Each device that is discovered by a single ExtraHop sensor and has a unique identifier counts toward your licensed device capacity. If a device is discovered by multiple sensors, it counts toward the device capacity of each of those sensors and toward your total device capacity.
RevealX NPM is a core module of the RevealX platform. It enables organizations to leverage the network as a central source of truth. Network Performance Monitoring workflows enable you to monitor how services and devices interact with each other and how transactions flow across the data link layer (L2) to the application layer (L7) in your network. The platform harnesses visibility into network data and cloud-native machine learning (ML) for real-time analytics, identifying potential network and application performance issues to expedite incident response time.
While both are essential modules of a modern NDR platform, RevealX NPM focuses on monitoring network performance, whereas RevealX NDR focuses on monitoring network security. NPM actively identifies potential network and application performance issues, whereas NDR proactively identifies potential malicious activity.
RevealX NPM is available as both a SaaS-based and on-premises solution. The SaaS-based RevealX 360 provides unified security across on-premises and cloud environments, 360-degree visibility and situational intelligence without friction, and immediate value with a low management burden. RevealX Enterprise is a self-managed solution that provides complete east-west visibility and real-time threat detection inside the perimeter.
RevealX NPM integrates with the ExtraHop Packet Forensics module to provide full packet capture, storage, and retrieval. This scalable packet capture (PCAP) repository delivers cost-effective modular storage, precision packet search in a single workflow, and fast and easy-to-use queries to get answers quickly.
Packet Forensics is an add-on module to the RevealX platform and cannot be purchased as a standalone product.
RevealX NPM consists of a set of components based on your environmental needs: sensors, packetstores, recordstores, and a console for centralized management and unified data views. You can deploy all components as physical, virtual, and cloud-based options based on your needs.
RevealX NPM passively observes unstructured packets through a port mirror or tap, and stores the data in a local datastore. The network traffic data undergoes real-time stream processing, which transforms the packets into structured wire data for analysis.
RevealX NPM supports over 90 enterprise protocols with real-time fluency at the application layer. Protocol modules offer varying levels of analysis, starting with L7 classification, along with Application Inspection Triggers for creating a custom metric.
Yes. RevealX NPM proactively detects potential network and application performance issues by leveraging cloud-scale machine learning (ML). The ML service tracks detections in eight categories across your environment. Within each of these categories, the ML evaluates several protocols and hundreds of metrics, all with custom logic, to find and correlate active problems.
Yes. RevealX can decrypt SSL/TLS (including TLS 1.3) network traffic, as well as common Microsoft protocols, such as SMBv3, Kerberos, Active Directory, and MSRPC, offering complete observability for troubleshooting.
RevealX NPM is designed to help enterprises derive meaningful insights from an immense wealth of information through automatically populated role-based dashboards. These dashboards function on a drag-and-drop model so you can customize them further with unique widgets. Along with traditional methods of data visualization like charts and graphs, RevealX NPM uses live activity maps to present a dynamic and intuitive view of your environment.
Yes. RevealX NPM integrates with leading IT service management (ITSM) and IT operations (IT Ops) tools, including Splunk, Microsoft, AWS, and more. For organizations that rely on chat platforms to coordinate workflows, RevealX NPM can send information about detections to Slack or other collaboration platforms through a REST API. RevealX NPM also integrates with ticketing systems such as ServiceNow, automatically creating tickets for analyst triage queues and ingesting ticket information to display beside a detection.
While rich query and investigation workflows are available within the RevealX NPM interface, it’s also easy to integrate wire data metrics with the other data stores, querying tools, and analytics platforms in your stack. The RevealX NPM Open Data Stream allows you to merge data from multiple sources into a single, rich set that can be queried and visualized using whatever tools your team prefers, including AppDynamics, Elastic, MongoDB, and more.